Only 53 Australians used a Facebook quiz app responsible for the Cambridge Analytica data breach, meaning the vast majority of 310,000 affected citizens did not directly consent to the harvesting of their personal details.

On Monday, Facebook began contacting 87m Facebook users around the world, including in Australia, to tell them their personal information was shared with Cambridge Analytica, a firm that helped Donald Trump to victory and aided the Brexit campaign.

The vast breach was facilitated by a little-known personality quiz app, named “thisisyourdigitallife”, which collected the personal information of participants and their Facebook friends.

Guardian Australia can reveal just 53 Australians used the quiz app. That means the vast majority of the 311,127 Australians affected were simply friends of others who had used the quiz app, whether in Australia or abroad, and gave no real consent to the harvesting of their data.

The revelation has surprised internet safety experts, including Nigel Phair, from the University of Canberra. Phair said the number was surprisingly low, given the total number of Australians affected.

“If you told me to have a stab in the dark, I don’t know what I would have said, but it wouldn’t have been that,” Phair said.

A similar trend was seen in New Zealand. About 64,000 New Zealanders’ accounts were compromised in the Cambridge Analytica breach. Just 10 New Zealanders downloaded the personality quiz.

Australians and New Zealanders may also have been exposed to the breach by Facebook friends abroad.

The Australian Privacy Foundation chairman, David Vaile, said even those 53 who had used the app likely gave consent to the use of their information in dubious circumstances.

Vaile said the quiz’s users gave what was “quite likely to be a bad and crippling” consent, where terms and conditions could be changed at any point, consent was irrevocable and based on an intrinsically unfair contract, and given after the user was overloaded with confusing information and impenetrable legal concepts.

He said the notion that the users of the personality quiz could give consent for information harvesting on behalf of others was “basically a nonsense”.

“It’s going to be the textbook case of why consent is coming into disrepute as a model for dealing with particularly complicated information, because in a sense it has all those bad consent characteristics,” Vaile said.

Facebook has grappled with its response to the Cambridge Analytica scandal since the Guardian revealed that vast troves of data had been misused to develop software that could sway voters and predict their behaviour.

Facebook has since faced a growing boycott and significant pressure on its chief executive, Mark Zuckerberg, to explain Facebook’s failure to protect users’ data from third-party apps. Zuckerberg is expected to expected to testify before Congress this week.

The company is cracking down on the data access available to third-party developers and is investigating every app that has previously accessed large amounts of user data.

Facebook is also sending a notice to all 2.2bn Facebook users on “Protecting Your Information”. The notice will allow users to see what information is being shared with the apps they use.

Zuckerberg will defend Facebook as 'positive force in the world' in testimony

Read more

The 87m who have been affected will receive a detailed message on their news feeds. The majority of those affected, about 70m, live in the United States.

The Australian Competition and Consumer Commission is currently in the early stages of an inquiry into digital platforms, and the privacy commissioner, Timothy Pilgrim, has also launched an investigation into the breach.

But Phair was sceptical that the Cambridge Analytica breach would be the last scandal of its type.

He said Facebook was under increasing pressure to monetise its users because it had almost reached market saturation.

“So they’ve got to come up with new and exciting and innovative ways to monetise their existing user base,” Phair said. “Before it was easy, while they were growing, you just keep on monetising new users, that’s the easy bit. Now, how do they monetise continually their existing user base?

“That’s why I think you’re going to see more of it, because they need to keep being cute with how they slice and dice user information and behaviour.”